The Official Web site for the Office of Information Technology - UTSA

Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

Intrusion Detection Standard

Purpose - Intrusion detection is the use of tools and policies to monitor system activity in order to detect and prevent unauthorized use of UTSA information resources. Intrusion detection provides two important functions in protecting information resources:

  1. Trigger: a mechanism that determines when to activate planned responses to an intrusion incident.
  2. Feedback: information about the effectiveness of other components of the security system. If a robust and effective intrusion detection system is in place, the lack of detected intrusions is an indication that other defenses are working.

Audience - The UTSA Intrusion Detection Standard applies to all individuals responsible for the installation of new information resources or the operation of existing information resources, and to all individuals charged with information resources security.

  1. Users shall be trained to report any anomalies in system performance and/or signs of suspected wrongdoing to the Information Security Officer (ISO) or the Computer Incident Response Team at ext. 5555, to OITConnect (Help Desk) at ext. 5555, or to the UTSA Compliance Hotline, (210) 877-1888.

  2. All suspected and/or confirmed instances of successful and/or attempted intrusions must be reported immediately in accordance with the Incident Management Standard.

  3. Operating system, user accounting and application software audit logging processes must be enabled on all host and server systems.

  4. Alarm and alert functions of firewalls and other network perimeter access control systems must be enabled.

  5. Audit logging of firewalls and other network perimeter access control systems must be enabled.

  6. Audit logs from the perimeter access control systems must be monitored/reviewed daily by the system administrator.

  7. System integrity checks of the firewalls and other network perimeter access control systems must be performed on a daily basis.

  8. Audit logs for servers and hosts on the internal, protected network must be reviewed on a weekly basis. The system administrator must furnish any audit logs as requested by the ISO.

  9. Network-based and host-based intrusion detection tools will be checked on a daily basis.

  10. All trouble reports received by system administration personnel should be reviewed for signs that might indicate intrusive activity.
